First HIPAA Violator Gets 16-Month Jail Term

November 8, 2004 (PLANSPONSOR.com) - A federal judge
has slapped a former cancer treatment facility worker with a
16-month jail term for violating federal privacy laws by
stealing a cancer patient's identity to get four credit cards
in the patient's name.

>In imposing the sentence on Richard Gibson who had
pleaded guilty to the charges this summer (See
HIPAA Notches its
First Conviction
), US District Judge Ricardo Martinez called Gibson’s
conduct “some of the most deplorable I’ve seen in 15 years
on the bench,” according to a Seattle US Attorney’s Office
statement quoted by Thompson.Com.

>Gibson stood accused of violating the privacy
provisions of
Health Insurance Portability and Accountability Act
(HIPAA) – the first person to be criminally convicted of
that federal statute.

>According to Thompson, Gibson admitted obtaining the
patient’s name, date of birth and Social Security number
and disclosing this information to get credit cards in the
patient’s name. He told the court he was “very sorry” and
“wasn’t thinking [he] was going to hurting someone.” John
McKay, the US attorney in Seattle, said Gibson also
admitted he used the cards to rack up more than $9,000 in
debt, buying video games, jewelry, and other personal
items, the government said. Gibson was fired shortly after
the identity theft was discovered.

>However, Martinez called the identity theft “a
vicious attack on someone fighting for his life.” In
addition to the prison term, he sentenced Gibson to three
years of supervised release and more than $9,000 in
restitution.